MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.
History

Wed, 18 Dec 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Mantisbt
Mantisbt mantisbt
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
Vendors & Products Mantisbt
Mantisbt mantisbt

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-20T21:44:27.707Z

Updated: 2024-08-01T23:13:08.218Z

Reserved: 2024-01-22T22:23:54.339Z

Link: CVE-2024-23830

cve-icon Vulnrichment

Updated: 2024-08-01T23:13:08.218Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-20T22:15:08.460

Modified: 2024-12-18T18:03:25.023

Link: CVE-2024-23830

cve-icon Redhat

No data.